PAMSC/PIM All: PROGRAM class block run after update application.
search cancel

PAMSC/PIM All: PROGRAM class block run after update application.

book

Article ID: 214544

calendar_today

Updated On: 05-31-2021

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

PROGRAM class is defined without flags.
For example,
  editres PROGRAM ('/Full/path/to/app') defaccess(EXECUTE) owner('nobody')

After upgrade this application, this app blocks to run as untrusted.
In audit log:
D MMM YYYY hh:mm:ss D PROGRAM      user01       Exec      250  2 /Full/path/to/app /usr/bin/bash        srchost

Why this command is blocked although user does not set flag?

Environment

Release : 14.1

Component : PAM SERVER CONTROL ENDPOINT UNIX/LINUX

Cause

After defined this rule, editres PROGRAM ('/Full/path/to/app') defaccess(EXECUTE) owner('nobody')
flags set as all as default.

ata for PROGRAM '/Full/path/to/app'
 -----------------------------------------------------------
Defaccess         : X
...
Trusted Pgm Info  : Mtime, Ctime, Mode, Size, Device, Inode, Crc, Sha1, Sha256, Sha384, Sha512, Owner, Group

Then, when app is updated, it checking by PAMSC and set untrust.
So, it blocked to run with setting as blockrun. 

Resolution

if you want to skip this check, rule is defined with flags(none).

editres PROGRAM ('/Full/path/to/app') defaccess(EXECUTE) owner('nobody') flags(none)

Powered by Wolken Software